Protecting Information with Encryption | Office of the Chief Information Officer

Introduction

Nowadays, data protection is not only a corporate governance issue but also a law compliance issue. Losing sensitive data can lead to severe consequences both to the affected parties as well as to the organization. If data leakage is caused by your overlooking, negligence, or improper protection, you will be held responsible. Sensitive data such as personal information, financial information, human resource matters, research works, product designs, and so on are invaluable and/or private. They should be secured at all times to protect their integrity and confidentiality.

There are many different security protection mechanisms, and besides physical protection, data encryption is perhaps the simplest, most effective, and commonly used one. The following are the most recent data encryption technologies and solutions for meeting different data protection needs.

Encryption for Data at rest

You will need to use these different approaches on different occasions:

Always encrypt sensitive documents. Using the built-in features of the latest version of MS Office and Adobe Acrobat Professional with strong passwords will address most of the information leakage risks.
Always encrypt disk volumes of mobile computers and shared PCs. BitLocker is particularly designed for this type of protection.
Always encrypt removable media (for example, USB flash drives). BitLocker To Go covers the protection of these devices. However, if you still have not upgraded your PCs to Windows 10, you may have to choose a thumb drive supporting FIPS compliant encryption for the protection.
Commercial products such as SecureZIP (or open-source utilities) may be needed for encryption of folders and files of other file types.

Encryption for Data in motion

Although this document focuses on the encryption support for data at rest, various means of encryption protection for data in motion are mentioned below for completeness:

Always use SSH and SFTP for remote access and file transfer
Use HTTPS for filling in forms and account login, and use HTTPS for other access when there is a choice
Use VPN service when accessing systems involving sensitive data
Use SSMTP service when accessing Email service for sending Email from a public network
Always choose WPA2 for Wireless LAN connection whenever it is supported

References

Please refer to the following resources for more information:

Advanced Encryption Standard (AES) from Wikipedia
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
FIPS PUB 140-2 Security Requirements for Cryptographic Modules from NIST
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
Policies on Use of IT Services and Resources
http://wikisites.cityu.edu.hk/sites/upolicies/itpolicy/Wiki Pages/Home.aspx